[ejabberd] Proposed huge reorganization of ejabberd.cfg.example

Peter Saint-Andre stpeter at stpeter.im
Fri Sep 28 08:51:11 MSD 2007


Hi badlop, I haven't had time to look at it in detail but this looks great!

> ejabberd.cfg.example exists almost since Alexey started the project 5
> years ago. While ejabberd has gained more and more features,
> authentication methods, modules, virtual hosting, more ACL and
> ACCESS... the example config file has grown more and more, retaining
> its original organization.
>
> I propose to reorganize ejabberd.cfg.example, grouping the options and
> sorting them in a way as similar as possible to the ejabbed Guide.
>
> This is a cheap way to make ejabberd.cfg more understandable without
> having to modify its Erlang-oriented format.
>
> During those years, some people suggested to use an XML or Apache-like
> format, but I consider that it's better to improve the current format:
> this reorganization, a config syntax checker [1]...
>
> Here is my proposal. I include it here so you can comment any
> suggestion, quoting the problematic lines. Please compare it with the
> ejabberd Guide SVN:
> http://svn.process-one.net/ejabberd/trunk/doc/guide.html
>
> I'll apply the suggestions I consider interesting, before submitting
> to the ejabberd bug tracker.
>
> ---------------------- START ejabberd.cfg.example
> %%%
> %%%             ejabberd configuration file
> %%%
>
> %%% The ejabberd Guide provides detailed explanation
> %%% for the parameters used in this ejabberd configuration file.
> %%% Please consult the Guide in case of doubts.
>
> %%% $Id$
>
>
> % Override the old values stored in the database
> %override_global.
> %override_local.
> %override_acls.
>
>
> %%%   =========
> %%%   DEBUGGING
>
> % ejabberd loglevel (0: no log -> 5: debug)
> {loglevel, 4}.
>
> % Watchdog admins receive live notifications if an ejabberd process
> % consumes too much memory
> %{watchdog_admins, ["bob at example.com"]}.
>
>
> %%%   =============
> %%%   VIRTUAL HOSTS
>
> % Name of your Jabber server:
> {hosts, ["localhost"]}.
>
> % ejabberd can serve several virtual hosts, for example:
> {hosts, ["example.net", "example.com", "example.org"]}.
>
> % If a virtual host is subdomain of another, like for example:
> % example.net and jabber.example.net
> % and you want them to work correctly, enable this option:
> %{route_subdomains, s2s}.
>
>
> %%%   ===============
> %%%   LISTENING PORTS
>
> {listen,
>  [
>   {5222, ejabberd_c2s, [
> 	{access, c2s},
> 	{shaper, c2s_shaper},
> 	% If TLS is compiled and you installed a certificate,
> 	% put the correct path to your SSL certificate
> 	% and uncomment this line:
> 	%{certfile, "/path/to/ssl.pem"}, starttls,
> 	{max_stanza_size, 65536}
>   ]},
>
>   % To enable the old SSL connection method in port 5223:
>   %{5223, ejabberd_c2s,     [{access, c2s},
>   %			    {max_stanza_size, 65536},
>   %			    tls, {certfile, "/path/to/ssl.pem"}
>   %			   ]},
>
>   {5269, ejabberd_s2s_in,  [{shaper, s2s_shaper},
> 			    {max_stanza_size, 131072}
> 			   ]},
>
>   %{8888, ejabberd_service, [{access, all}, {shaper_rule, fast},
>   %			    {hosts, ["icq.localhost", "sms.localhost"],
>   %			     [{password, "secret"}]}]},
>
>   {5280, ejabberd_http,    [http_poll, web_admin]}
> ]}.
>
> % If SRV lookup fails, then port 5269 is used to communicate with remote
> server
> {outgoing_s2s_port, 5269}.
>
> % To enable STARTTLS+Dialback for S2S connections:
> %{s2s_use_starttls, true}.
> %{s2s_certfile, "/path/to/ssl.pem"}.
> % If you want to specify a different certificate for each ejabberd virtual
> host:
> %{domain_certfile, "example.org", "/path/to/example_org.pem"}.
> %{domain_certfile, "example.com", "/path/to/example_com.pem"}.
>
> % S2S Whitelist or blacklist
> % Default s2s policy for undefined hosts:
> %{s2s_default_policy, allow}.
> % To allow or deny specific servers:
> %{{s2s_host,"goodhost.org"}, allow}.
> %{{s2s_host,"badhost.org"}, deny}.
>
>
> %%%   ==============
> %%%   AUTHENTICATION
>
> % The default authentication method is the internal:
> {auth_method, internal}.
>
> % For LDAP authentication use these lines instead of above one:
> %{auth_method, ldap}.
> %{ldap_servers, ["localhost"]}.    % List of LDAP servers
> %{ldap_uids, [{"mail", "%u at mail.example.org"}]}.  % LDAP attribute
> that holds user ID
> %{ldap_base, "dc=example,dc=com"}. % Search base of LDAP directory
> %{ldap_rootdn, "dc=example,dc=com"}. % LDAP manager
> %{ldap_password, "******"}. % Password to LDAP manager
>
> % For authentication via external script use the following:
> %{auth_method, external}.
> %{extauth_program, "/path/to/authentication/script"}.
>
> % For authentication via ODBC use the following:
> %{auth_method, odbc}.
> %{odbc_server, "DSN=ejabberd;UID=ejabberd;PWD=ejabberd"}.
>
> % Uncomment this if you are using postgres, having a large DB, and need a
> % faster but inexact replacement for "select count(*) from users"
> %{pgsql_users_number_estimate, true}.
>
> % Anonymous login support:
> %   auth_method: anonymous
> %   anonymous_protocol: sasl_anon | login_anon | both
> %   allow_multiple_connections: true | false
> %{host_config, "public.example.org", [{auth_method, anonymous},
> %                                     {allow_multiple_connections, false},
> %                                     {anonymous_protocol, sasl_anon}]}.
> % To use both anonymous and internal authentication:
> %{host_config, "public.example.org", [{auth_method, [internal,
> anonymous]}]}.
>
>
> %%%   ================
> %%%   DATABASE STORAGE
>
> % ejabberd uses by default the internal Mnesia database.
> % For instructions about using other database backends,
> % please consult the ejabberd Guide.
>
>
> %%%   ===
> %%%   ACL
>
> % Jabber accounts with admin privileges
> %{acl, admin, {user, "aleksey", "localhost"}}.
> %{acl, admin, {user, "ermine"}}.
>
> % Blocked users:
> %{acl, blocked, {user, "test"}}.
>
> % Local users:
> {acl, local, {user_regexp, ""}}.
>
> % Another examples of ACLs:
> %{acl, jabberorg, {server, "jabber.org"}}.
> %{acl, aleksey, {user, "aleksey", "jabber.ru"}}.
> %{acl, test, {user_regexp, "^test"}}.
> %{acl, test, {user_glob, "test*"}}.
>
>
> %%%   ============
> %%%   ACCESS RULES
>
> %% Define the maximum number of time a single user is allowed to connect:
> {access, max_user_sessions, [{10, all}]}.
>
> % Only admins can use configuration interface:
> {access, configure, [{allow, admin}]}.
>
> % Every username can be registered via in-band registration:
> % To disable in-band registration, replace 'allow' with 'deny'.
> {access, register, [{allow, all}]}.
>
> % Only admins can send announcement messages:
> {access, announce, [{allow, admin}]}.
>
> % Only non-blocked users can use c2s connections:
> {access, c2s, [{deny, blocked},
> 	       {allow, all}]}.
>
> % For all users except admins used "normal" shaper
> {access, c2s_shaper, [{none, admin},
> 		      {normal, all}]}.
>
> % For all S2S connections used "fast" shaper
> {access, s2s_shaper, [{fast, all}]}.
>
> % Admins of this server are also admins of MUC service:
> {access, muc_admin, [{allow, admin}]}.
>
> % All users are allowed to use MUC service:
> {access, muc, [{allow, all}]}.
>
> % Everybody can create pubsub nodes
> {access, pubsub_createnode, [{allow, all}]}.
>
> % This rule allows access only for local users:
> {access, local, [{allow, local}]}.
>
>
> %%%   =======
> %%%   SHAPERS
>
> % Set shaper with name "normal" to limit traffic speed to 1000B/s
> {shaper, normal, {maxrate, 1000}}.
>
> % Set shaper with name "fast" to limit traffic speed to 50000B/s
> {shaper, fast, {maxrate, 50000}}.
>
>
> %%%   ================
> %%%   DEFAULT LANGUAGE
>
> % Default language for server messages
> {language, "en"}.
>
>
> %%%   =======
> %%%   MODULES
>
> % Modules enabled in all ejabberd virtual hosts:
> {modules,
>  [
>   {mod_adhoc,      []},
>   {mod_announce,   [{access, announce}]}, % Depends on mod_adhoc
>   {mod_configure,  []}, % Requires mod_adhoc
>   {mod_disco,      []},
>   %{mod_echo,       [{host, "echo.localhost"}]},
>   {mod_irc,        []},
>   {mod_last,       []},
>   % Default options for mod_muc:
>   %   host: "conference. at HOST@"
>   %   access: all
>   %   access_create: all
>   %   access_persistent: all
>   %   access_admin: none (only room creator has owner privileges)
>   {mod_muc,        [{access, muc},
> 		    {access_create, muc},
> 		    {access_persistent, muc},
> 		    {access_admin, muc_admin}]},
>   %{mod_muc_log,    []},
>   {mod_offline,    []},
>   {mod_privacy,    []},
>   {mod_private,    []},
>   %{mod_proxy65,    []},
>   {mod_pubsub,     [{access_createnode, pubsub_createnode}]},
>   {mod_register,   [
> 	% After successful registration, the user will receive a message with
> 	% the following subject and body:
> 	%{welcome_message, {"Welcome!", "Welcome to this Jabber server."}},
> 	% List of people who will get notifications when users register
> 	%{registration_watchers, ["admin1 at example.org", "admin2 at example.org"]},
> 	{access, register}
>   ]},
>   {mod_roster,     []},
>   %{mod_service_log,[]},
>   {mod_shared_roster,[]},
>   {mod_stats,      []},
>   {mod_time,       []},
>   {mod_vcard,      []},
>   {mod_version,    []}
>  ]}.
>
>
> % Local Variables:
> % mode: erlang
> % End:
> ---------------------- END
>
>
> [1] https://support.process-one.net/browse/EJAB-51
> _______________________________________________
> ejabberd mailing list
> ejabberd at jabber.ru
> http://lists.jabber.ru/mailman/listinfo/ejabberd
>



More information about the ejabberd mailing list